{
	"id": "bd14d236-3dc0-4820-960c-cfbef597a547",
	"created_at": "2026-04-06T00:22:07.02555Z",
	"updated_at": "2026-04-10T13:11:46.030191Z",
	"deleted_at": null,
	"sha1_hash": "2889768ee70b1463b02142a31f76186d557d3835",
	"title": "Hacker leaks 386 million user records from 18 companies for free",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2085079,
	"plain_text": "Hacker leaks 386 million user records from 18 companies for free\r\nBy Lawrence Abrams\r\nPublished: 2020-07-28 · Archived: 2026-04-05 16:19:06 UTC\r\nA threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were\r\nstolen from eighteen companies during data breaches.\r\nSince July 21st, a seller of data breaches known as ShinyHunters has begun leaking the databases for free on a hacker forum\r\nknown for selling and sharing stolen data.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/\r\nPage 1 of 6\n\nA partial list of databases posted to the forum\r\nShinyHunters has been involved in or responsible for a wide assortment of data breaches this past year, including Wattpad,\r\nDave, Chatbooks, Promo.com, Mathway, HomeChef, and the breach of Microsoft private GitHub repository.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/\r\nPage 2 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/\r\nPage 3 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\nDatabases stolen in data breaches usually are privately sold first, with prices ranging between $500 (Zoosk) to $100,000\r\n(Wattpad). Once they are no longer profitable, threat actors commonly release them on hacker forums to increase their\r\ncommunity reputation.\r\nOf the databases released since July 21st, nine of them were already disclosed in some manner in the past.\r\nThe other nine, including Havenly, Indaba Music, Ivoy, Proctoru, Rewards1, Scentbird, and Vakinha, have not been\r\npreviously disclosed.\r\nThe full list of the 18 data breaches are listed below:\r\nCompany User Records Reported Breach Date Known?\r\nAppen.com 5.8 Million N/A No\r\nChatbooks.com 15.8 Million March 26th, 2020 Yes\r\nDave.com 7 Million July 2020 * Yes\r\nDrizly.com 2.4 Million July 2020 * No\r\nGGumim.co.kr 2.3 Million March 2020 * Yes\r\nHavenly.com  1.3 Million June 2020 * No\r\nHurb.com 20 Million N/A Yes\r\nIndabamusic.com 475 Thousand N/A No\r\nIvoy.mx 127 Thousand N/A No\r\nMathway.com 25.8 Million January 2020 * Yes\r\nProctoru.com 444 Thousand N/A No\r\nPromo.com 22 Million July 2020 Yes\r\nRewards1.com 3 Million July 2020 * No\r\nScentbird.com 5.8 Million N/A No\r\nSwvl.com 4 Million N/A Yes\r\nTrueFire.com 602 Thousand N/A Yes\r\nVakinha.com.br 4.8 Million N/A No\r\nWattpad 270 Million June 2020 * Yes\r\n* Based on threat actor's statements\r\nFrom the samples seen of these databases, BleepingComputer has confirmed that the exposed email addresses correspond to\r\naccounts on the services.\r\nThe combined databases expose over 386 million user records. While a password is not included in every record, for\r\nexample, promo.com, there is still a massive amount of information being disclosed that threat actors can use.\r\nWhen BleepingComputer asked ShinyHunters why they dumped all of these databases, we were told that they were leaked\r\nfor everyone's benefit.\r\n\"I just thought: 'I've made enough money now' so I leaked for everyone's benefit.\"\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/\r\nPage 4 of 6\n\n\"Obviously, some people are a little upset because they paid resellers a few days ago, but I don't care,\" ShinyHunters told\r\nBleepingComputer.\r\nAre you a user of the listed services?\r\nBleepingComputer has contacted each of the companies being offered for free by ShinyHunters, but have not heard back\r\nfrom any of them.\r\nThis lack of response is common when a data breach is reported, and usually weeks, if not months later, the company will\r\nreport a data breach.\r\nTo be safe, if you are a user of one of the services listed above, I strongly advise you to change your password immediately\r\non the site.\r\nIf you use the same password at other sites, you should also change the password at those sites to a unique and strong one\r\nthat you only use for that site.\r\nUsing unique passwords prevents a data breach at one site from affecting you at other websites you use.\r\nTo assist you in keeping tracking of unique and strong passwords, I suggest you use a password manager application.\r\nThx to Cyble for the tip.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/\r\nPage 5 of 6\n\nSource: https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/\r\nhttps://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/"
	],
	"report_names": [
		"hacker-leaks-386-million-user-records-from-18-companies-for-free"
	],
	"threat_actors": [
		{
			"id": "c071c8cd-f854-4bad-b28f-0c59346ec348",
			"created_at": "2023-11-08T02:00:07.132524Z",
			"updated_at": "2026-04-10T02:00:03.422366Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "MISPGALAXY:ShinyHunters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6f7f2ed5-f30d-4a99-ab2d-f596c1d413b2",
			"created_at": "2025-10-24T02:04:50.086223Z",
			"updated_at": "2026-04-10T02:00:03.770068Z",
			"deleted_at": null,
			"main_name": "GOLD CRYSTAL",
			"aliases": [
				"Scattered LAPSUS$ Hunters",
				"ShinyCorp",
				"ShinyHunters"
			],
			"source_name": "Secureworks:GOLD CRYSTAL",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d8dff631-87b0-4320-8352-becff28dbcf1",
			"created_at": "2022-10-25T16:07:24.565038Z",
			"updated_at": "2026-04-10T02:00:05.034516Z",
			"deleted_at": null,
			"main_name": "ShinyHunters",
			"aliases": [],
			"source_name": "ETDA:ShinyHunters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434927,
	"ts_updated_at": 1775826706,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2889768ee70b1463b02142a31f76186d557d3835.pdf",
		"text": "https://archive.orkl.eu/2889768ee70b1463b02142a31f76186d557d3835.txt",
		"img": "https://archive.orkl.eu/2889768ee70b1463b02142a31f76186d557d3835.jpg"
	}
}